Revisions of firewalld
Callum Farmer (gmbr3)
accepted
request 986625
from
Callum Farmer (gmbr3)
(revision 125)
- Update to 1.2.0: * feat(firewalld): add new --log-target parameter * feat(service): add snmptls, snmptls-trap services * feat(service): add IPFS service * feat(fw): startup failsafe * feat(service): Add kubelet-readonly * feat(service): Add secure version of k8s controller-plane components * feat(bash): completion of policy-related commands * feat(service): add prometheus node-exporter * feat(service): add Kodi JSON-RPC and EventServer services
Callum Farmer (gmbr3)
accepted
request 984147
from
Stefan Schubert (schubi2)
(revision 124)
- Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
Callum Farmer (gmbr3)
accepted
request 966067
from
Callum Farmer (gmbr3)
(revision 123)
- Update to 1.1.1: * fix(build): oci: use centos:stream8 instead of ubi:8 * fix(functions): --check-config fails if direct.xml exists * fix(build): oci: use dbus inside the container * docs(README): add note about container host integration * docs: typo fixes
Michał Rostecki (mrostecki)
accepted
request 962711
from
Witek Bedyk (witekbedyk)
(revision 122)
- Provide dummy firewalld-prometheus-config package (bsc#1197042) This is to prevent file conflicts between Firewalld and Prometheus packages in case Prometheus package is built on a different system than the target one (as it is the case for SUSE Manager).
Callum Farmer (gmbr3)
accepted
request 960050
from
Martin Wilck (mwilck)
(revision 121)
- Add code for safe modprobe.d migration (https://en.opensuse.org/openSUSE:Packaging_UsrEtc) - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)
Callum Farmer (gmbr3)
accepted
request 959442
from
Thorsten Kukuk (kukuk)
(revision 120)
- Fix modprobe.d directory for SLE15 SP3 - Cleanup dependencies: - ipset, ebtables and iptables are purely optional and deprecated, so don't require them - sysconfig is not needed at all - Don't hard require systemd, we don't have and need that in containers
Callum Farmer (gmbr3)
accepted
request 957778
from
Callum Farmer (gmbr3)
(revision 119)
- Update to 1.1.0: * feat(service): Add jellyfin service * feat(policy): support OUTPUT forward ports * feat: config check improvements * feat(service): add http3 * feat(service): add service definition for WS-Discovery Client * feat(service): add service definition for WS-Discovery * feat(service): add service definition for AFP * feat(rich): Support nflog target and add log attribute errors/checks * feat(service): add ZeroTier service
Callum Farmer (gmbr3)
accepted
request 946415
from
Callum Farmer (gmbr3)
(revision 118)
- Update to 1.0.3: * fix(io): _check_config() expects a dict * feat(build): distribute an OCI container image * fix(ipset): reduce cost of entry overlap detection
Michał Rostecki (mrostecki)
accepted
request 932169
from
Michał Rostecki (mrostecki)
(revision 117)
- Update to 1.0.2: * fix(firewalld): check capng_apply() return code * fix(nftables): do not log icmp block if inversion * fix(nftables): rich: source address with netmask * fix(fw_config): zone: on rename remove then add * fix(io/functions): check_config against on disk conf * fix(zone): detect same source/interface in zones * docs(policy): fix typos * docs(policies): fix typos
Michał Rostecki (mrostecki)
accepted
request 921449
from
Callum Farmer (gmbr3)
(revision 116)
- Update to 1.0.1: * keep linux capability CAP_SYS_MODULE * UPnP Client: actually allow SSDP traffic * Fix RPM macros to test if firewall-cmd is executable
Michał Rostecki (mrostecki)
accepted
request 910605
from
Callum Farmer (gmbr3)
(revision 115)
- Update to 1.0.0: * Reduced dependencies * Intra-zone forwarding by default * NAT rules moved to inet family (reduced rule set) * Default target is now similar to reject * ICMP blocks and block inversion only apply to input, not forward * tftp-client service has been removed * iptables backend is deprecated * Direct interface is deprecated * CleanupModulesOnExit defaults to no (kernel modules not unloaded) - Add new firewalld-test package - Move bash and zsh completions to more useful separate packages - Clean spec file - Move modprobe.d and autostart files out of /etc
Michał Rostecki (mrostecki)
accepted
request 883554
from
Michał Rostecki (mrostecki)
(revision 114)
- Remove dependency on firewalld from firewall-macros (bsc#1183404)
Michał Rostecki (mrostecki)
accepted
request 873148
from
Michał Rostecki (mrostecki)
(revision 113)
Preserve the reference to jsc#SLE-12281 in the old update to 0.7.5
Michał Rostecki (mrostecki)
accepted
request 866984
from
Michał Rostecki (mrostecki)
(revision 112)
- Update to 0.9.3 (jsc#SLE-17336): nftables (jsc#SLE-16300): (rhbz#1817022, jsc#SLE-16300)
Michał Rostecki (mrostecki)
accepted
request 866974
from
Michał Rostecki (mrostecki)
(revision 111)
- Update to 0.9.3 (SLE-17336): nftables (SLE-16300): (rhbz#1817022, SLE-16300)
Michał Rostecki (mrostecki)
accepted
request 866966
from
Michał Rostecki (mrostecki)
(revision 110)
- Disable FlushAllOnReload option to not retain interface to zone assignments and direct rules when using --reload option. * 0002-Disable-FlushAllOnReload-option.patch
Michał Rostecki (mrostecki)
accepted
request 866564
from
Michał Rostecki (mrostecki)
(revision 109)
- Update to 0.9.3: * docs(dbus): fix invalid method names * fix(forward): iptables: ipset used as zone source * fix(rich): non-printable characters removed from rich rules * docs(firewall-cmd): small description grammar fix * fix(rich): limit table to strip non-printables to C0 and C1 * fix(zone): add source with mac address
Michał Rostecki (mrostecki)
accepted
request 863051
from
Robert Frohl (rfrohl)
(revision 108)
add missing dependency for firewall-offline-cmd
Michał Rostecki (mrostecki)
accepted
request 847325
from
Michał Rostecki (mrostecki)
(revision 107)
- Remove the patch which enforces usage of iptables instead of nftables: * 0001-firewall-backend-Switch-default-backend-to-iptables.patch - Add firewalld zone for the docker0 interface. This is the workaround for lack of nftables support in docker. Without that additional zone, containers have no Internet connectivity. (rhbz#1817022) - Update to 0.9.1: * Bugfixes: * docs(firewall-cmd): clarify lockdown whitelist command paths * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active * fix(policy): zone interface/source changes should affect all using zone
Robert Frohl (rfrohl)
accepted
request 835127
from
Franck Bui (fbui)
(revision 106)
- Make use of %service_del_postun_without_restart And stop using DISABLE_RESTART_ON_UPDATE as this interface is obsolete.
Displaying revisions 41 - 60 of 165